ID:6115 - Exploit for Input validation error in Microsoft SQL Server Management Studio - CVE-2018-8527

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:6115 - Exploit for Input validation error in Microsoft SQL Server Management Studio - CVE-2018-8527

ID:6115 - Exploit for Input validation error in Microsoft SQL Server Management Studio - CVE-2018-8527

Published: June 17, 2021


Vulnerability identifier: #VU14918
Vulnerability risk: Low
CVE-ID: CVE-2018-8527
CWE-ID: CWE-611
Exploitation vector: Remote access
Vulnerable software:
Microsoft SQL Server Management Studio

Link to public exploit:


Vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to unspecified error when processing XEL files. A local user with privileges to read data on SQL server can gain unauthorized access to sensitive information stored in database and on the filesystem.

Note: this vulnerability seems to be unintentionally disclosed by Microsoft before the official patch release.


Remediation

Install updates from vendor's website.